ID
VAR-202501-1978
CVE
CVE-2024-57224
TITLE
Linksys of E7350 Command injection vulnerability in firmware
Trust: 0.8
sources:
JVNDB: JVNDB-2025-003593
DESCRIPTION
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. (DoS) It may be in a state. Linksys E7350 is a wireless router device from Linksys. A remote attacker can use this vulnerability to submit a special request and execute arbitrary commands in the application context
Trust: 2.16
sources:
NVD: CVE-2024-57224 //
JVNDB: JVNDB-2025-003593 //
CNVD: CNVD-2025-02442
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2025-02442
AFFECTED PRODUCTS
| vendor: | linksys | model: | e7350 | scope: | eq | version: | 1.1.00.032 | Trust: 1.6 |
| vendor: | linksys | model: | e7350 | scope: | eq | version: | e7350 firmware 1.1.00.032 | Trust: 0.8 |
| vendor: | linksys | model: | e7350 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | linksys | model: | e7350 | scope: | eq | version: | - | Trust: 0.8 |
sources:
CNVD: CNVD-2025-02442 //
JVNDB: JVNDB-2025-003593 //
NVD: CVE-2024-57224
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
CNVD: CNVD-2025-02442 //
JVNDB: JVNDB-2025-003593 //
NVD: CVE-2024-57224
PROBLEMTYPE DATA
| problemtype: | CWE-77 | Trust: 1.0 |
| problemtype: | Command injection (CWE-77) [ others ] | Trust: 0.8 |
sources:
JVNDB: JVNDB-2025-003593 //
NVD: CVE-2024-57224
PATCH
| title: | Patch for Linksys E7350 apcli_do_enr_pin_wps Command Injection Vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/651546 | Trust: 0.6 |
sources:
CNVD: CNVD-2025-02442
EXTERNAL IDS
| db: | NVD | id: | CVE-2024-57224 | Trust: 3.2 |
| db: | JVNDB | id: | JVNDB-2025-003593 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2025-02442 | Trust: 0.6 |
sources:
CNVD: CNVD-2025-02442 //
JVNDB: JVNDB-2025-003593 //
NVD: CVE-2024-57224
REFERENCES
| url: | https://github.com/yanggao017/vuln/blob/main/linksys/e7350/ci_3_apcli_do_enr_pin_wps/readme.md | Trust: 2.4 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2024-57224 | Trust: 0.8 |
sources:
CNVD: CNVD-2025-02442 //
JVNDB: JVNDB-2025-003593 //
NVD: CVE-2024-57224
SOURCES
| db: | CNVD | id: | CNVD-2025-02442 |
| db: | JVNDB | id: | JVNDB-2025-003593 |
| db: | NVD | id: | CVE-2024-57224 |
LAST UPDATE DATE
2025-04-19T22:55:49.840000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2025-02442 | date: | 2025-01-27T00:00:00 |
| db: | JVNDB | id: | JVNDB-2025-003593 | date: | 2025-04-17T08:14:00 |
| db: | NVD | id: | CVE-2024-57224 | date: | 2025-04-16T14:05:26.670 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2025-02442 | date: | 2025-01-15T00:00:00 |
| db: | JVNDB | id: | JVNDB-2025-003593 | date: | 2025-04-17T00:00:00 |
| db: | NVD | id: | CVE-2024-57224 | date: | 2025-01-10T18:15:25.277 |